[nsp-sec] Determined malware distributor
David Freedman
david.freedman at uk.clara.net
Mon Oct 19 19:46:57 EDT 2009
Hi, we have a very determined malware distributor, amusingly using our name here, see
hxxp://clara.net.tll1ill.net/owa/service_directory/settings.php?email=g.jones@clara.net&from=clara.net&fromname=g.jones
$ (echo "begin" && host clara.net.tll1ill.net | awk '{ print $4 }' && echo "end") | nc whois.cymru.com whois | sort -n
Bulk mode; whois.cymru.com [2009-10-19 23:42:57 +0000]
1680 | 89.138.127.135 | NetVision Ltd.
3462 | 218.162.125.232 | HINET Data Communication Business Group
4766 | 211.195.69.45 | KIXS-AS-KR Korea Telecom
4766 | 211.199.225.132 | KIXS-AS-KR Korea Telecom
5603 | 86.61.58.129 | SIOL-NET Telekom Slovenije d.d.
7049 | 190.0.167.233 | Silica Networks Argentina S.A.
7303 | 190.137.185.10 | Telecom Argentina S.A.
7303 | 190.30.143.28 | Telecom Argentina S.A.
7303 | 201.253.255.241 | Telecom Argentina S.A.
7418 | 190.82.176.224 | Terra Networks Chile S.A.
9121 | 88.247.239.23 | TTNET TTnet Autonomous System
9319 | 112.72.162.134 | HCNCHUNGJU-AS-KR CHEONGJU CABLE TV SYSTEMS
9680 | 218.162.125.232 | HINETUSA HiNet Service Center in U.S.A
22047 | 200.86.21.40 | VTR BANDA ANCHA S.A.
27699 | 189.46.118.100 | TELECOMUNICACOES DE SAO PAULO S/A - TELESP
27699 | 189.47.29.3 | TELECOMUNICACOES DE SAO PAULO S/A - TELESP
Any assistance appreciated, if not just for informative purposes :)
------------------------------------------------
David Freedman
Group Network Engineering
Claranet Limited
http://www.clara.net
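
The lookup in the message above prints one "ASN | IP | AS name" row per A record. As an added example (not part of the original post), the script below summarises output in that format to show how many distinct addresses and origin ASNs one hostname resolves into. The function names `flux_summary` and `per_asn`, the default threshold of 5 ASNs, and the sample rows (documentation IPs, private-use ASNs) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarise Team Cymru bulk-whois output ("ASN | IP | AS name")
# to show how widely one hostname's A records are spread across networks.

# flux_summary [min_asns]
# Reads bulk-mode output on stdin; prints "ips=<n> asns=<n> spread=<wide|narrow>".
# min_asns (default 5) is an assumed threshold, not a value from the post.
flux_summary() {
    awk -F'|' -v min="${1:-5}" '
        # Data rows start with a numeric ASN; this skips the "Bulk mode" banner
        # and "NA" rows for addresses with no origin AS.
        $1 ~ /^[ \t]*[0-9]+[ \t]*$/ && NF >= 3 {
            asn = $1; ip = $2
            gsub(/[ \t]/, "", asn); gsub(/[ \t]/, "", ip)
            if (!(ip in seen_ip))   { seen_ip[ip] = 1;   ips++ }
            if (!(asn in seen_asn)) { seen_asn[asn] = 1; asns++ }
        }
        END {
            printf "ips=%d asns=%d spread=%s\n", ips, asns,
                   (asns >= min ? "wide" : "narrow")
        }'
}

# per_asn: distinct IPs per origin ASN, largest first.
# An IP announced by two ASNs is counted once under each.
per_asn() {
    awk -F'|' '
        $1 ~ /^[ \t]*[0-9]+[ \t]*$/ && NF >= 3 {
            asn = $1; ip = $2
            gsub(/[ \t]/, "", asn); gsub(/[ \t]/, "", ip)
            if (!((asn, ip) in seen)) { seen[asn, ip] = 1; n[asn]++ }
        }
        END { for (a in n) print n[a], "AS" a }' | sort -k1,1nr -k2,2
}

# Constructed sample in the same format (not data from the post).
SAMPLE='Bulk mode; whois.cymru.com [constructed]
64512   | 192.0.2.10       | EXAMPLE-NET-A
64512   | 192.0.2.11       | EXAMPLE-NET-A
64513   | 198.51.100.7     | EXAMPLE-NET-B
64514   | 203.0.113.9      | EXAMPLE-NET-C
64515   | 203.0.113.9      | EXAMPLE-NET-D
NA      | 192.0.2.200      | NA'

printf '%s\n' "$SAMPLE" | flux_summary 3
printf '%s\n' "$SAMPLE" | per_asn
```

The output of the `nc whois.cymru.com whois` pipeline can be piped straight into either function in place of the sample.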